The US government may soon be looking over Facebook's shoulder to better protect your privacy. Unless Facebook and Google can prevent it, of course. Photo: Facebook

The Commerce Dept. is reportedly talking to social networking companies and consumer advocates about rules to protect online privacy. Also included are possible protections for companies that have data breeches.

This is supposedly laying the groundwork for legislation that might be proposed this fall.

“Through the White House National Economic Council, the Trump Administration aims to craft a consumer privacy protection policy that is the appropriate balance between privacy and prosperity,” Lindsay Walters, the president’s deputy press secretary, told the Washington Post. “We look forward to working with Congress on a legislative solution consistent with our overarching policy.”

This isn’t the first time the US government has considered such regulation. The Obama administration tried in 2012, but passage of its proposed “Privacy Bill of Rights” was blocked by heavy lobbying from Facebook, Google, and others.

It’s possible this could happen again. Facebook and Google will certainly be urging legislators to provide weak privacy protections for the public but strong protections against lawsuits when they get hacked.

For these companies, this is an existential issue. Their entire business model is gathering private data about users and selling it to advertisers. Strong restrictions on their ability to collect and sell consumer data would significantly impact their bottom lines.

It will require counter-lobbying from consumer advocates and the public to get meaningful privacy protections enacted. Apple will almost certainly be helping this effort, as it takes a strong position for privacy rights and against the practices of Facebook and Google.

The European model on regulating Facebook, Google

The European Union already has much stronger privacy regulations than the US.The EU’s GDPR (General Data Protection Regulation) requires companies to get consent from users to collect their data, gives consumers the right to be forgotten, and there’s a requirement that data breeches be reported within three days.

Many US companies are already following these rules. It’s easier to have one customer privacy policy than a separate one for EU citizens. Even so, consumer advocates would prefer greater privacy protections be put in place for Americans.